Plattform
other
Komponente
ni-system-web-server
Behoben in
12.0.1
CVE-2025-12097 identifies a Path Traversal vulnerability within the NI System Web Server. Successful exploitation allows an attacker to read arbitrary files, potentially leading to information disclosure. This vulnerability impacts versions 9.0.0 through 12.* of the web server and was resolved in 2013.
The primary impact of CVE-2025-12097 is unauthorized access to sensitive files on the system hosting the NI System Web Server. An attacker could leverage this vulnerability to retrieve configuration files, source code, or other data containing credentials or proprietary information. The blast radius extends to any data accessible by the web server process, and depending on the system's configuration, could potentially lead to further compromise of the underlying operating system. This vulnerability shares similarities with other path traversal exploits, where attackers manipulate file paths to bypass security controls.
CVE-2025-12097 was published on December 4, 2025. Public proof-of-concept exploits are not currently known, but the vulnerability's nature makes it likely that such exploits will emerge. Given the age of the affected versions, systems running these versions are likely to be legacy and may be at higher risk due to lack of patching and outdated security configurations. The vulnerability is not currently listed on the CISA KEV catalog.
Organizations utilizing legacy NI System Web Server deployments, particularly those running versions 9.0.0 through 12.*, are at significant risk. Shared hosting environments where multiple users share the same server instance are also particularly vulnerable, as a compromise of one user's account could potentially expose data for other users.
disclosure
Exploit-Status
EPSS
0.13% (32% Perzentil)
CISA SSVC
CVSS-Vektor
The recommended mitigation for CVE-2025-12097 is to upgrade the NI System Web Server to a version fixed in 2013. Due to the age of the vulnerability, upgrading may require careful planning and testing to ensure compatibility with existing systems. If an immediate upgrade is not feasible, consider implementing stricter file access controls on the server to limit the attacker's ability to read sensitive files. Web application firewalls (WAFs) can also be configured to block requests containing suspicious path traversal patterns. Monitor web server logs for unusual file access attempts.
Actualice el NI System Web Server a una versión posterior a 2012. Esto solucionará la vulnerabilidad de path traversal. Consulte la documentación de NI para obtener instrucciones específicas sobre cómo actualizar el software.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2025-12097 is a vulnerability allowing attackers to read arbitrary files on a server running NI System Web Server, potentially exposing sensitive data.
You are affected if you are running NI System Web Server versions 9.0.0 through 12.*. Upgrade to a version fixed in 2013 to mitigate the risk.
Upgrade to a version of NI System Web Server that includes the fix released in 2013. Plan and test the upgrade carefully to ensure compatibility.
While no active exploitation has been confirmed, the vulnerability's age and simplicity suggest a potential risk of exploitation.
Refer to NI's official security advisories and documentation for specific details and guidance related to CVE-2025-12097.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.